[Samba] samba fails to connect to windows file share joined to domain
Rowland Penny
rpenny at samba.org
Wed Dec 13 18:07:29 UTC 2023
On Wed, 13 Dec 2023 10:23:27 -0700
jacek burghardt via samba <samba at lists.samba.org> wrote:
> 1. Do you want to set up a domain controller, fileserver or a client
> The usage case is for client connecting to windows shares.
OK, in which case your existing smb.conf requires a total re-write.
> 2. If you want to setup a fileserver or client tell us if you joined
> to the domain "net ads testjoin" is showing this.
> Join to domain is not valid: LDAP_INVALID_CREDENTIALS
This could be for several reasons: your existing smb.conf isn't allowing
the join, or you just haven't joined the domain, for instance.
> 3. Did you change your smb.conf to define your role DC or fileserver or
> client. At the moment it's a little bit from everything.
> What is proper config for a client ?
Based on what you posted, try this one:

[global]
    workgroup = HEBE
    security = ADS
    realm = HEBE.US

    winbind use default domain = Yes
    winbind refresh tickets = yes
    winbind offline logon = yes
    dns proxy = no

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config HEBE : backend = rid
    idmap config HEBE : range = 10000-20000

    template shell = /bin/bash

    vfs objects = acl_xattr shadow_copy2
    map acl inherit = Yes

    printcap name = /dev/null
    load printers = no
    disable spoolss = yes
    printing = bsd

    log level = 3
    max log size = 50
    log file = /var/log/samba/log.%m

    ntlm auth = mschapv2-and-ntlmv2-only

There are no shares shown, because the only shares you did show,
'sysvol' & 'netlogon', shouldn't be on a fileserver.
Stop any Samba daemons, then run:

    sudo net ads join -UAdministrator

Enter the Administrator password when prompted.
Once the join has succeeded, start the Samba daemons.
Rowland
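
Added example (not part of the message above and not Samba's own code): a small Python check to run over an smb.conf before attempting 'net ads join'. It confirms the [global] section declares an AD member (security, realm, workgroup) and that the idmap ranges are well-formed, have a backend, and do not overlap. The function names and the choice of checks are assumptions of this example, and the sample input is constructed from the config suggested above.

```python
import re

# Constructed sample: settings taken from the smb.conf suggested in the reply above.
SAMPLE = """\
[global]
    workgroup = HEBE
    security = ADS
    realm = HEBE.US
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config HEBE : backend = rid
    idmap config HEBE : range = 10000-20000
"""

def parse_global(text):
    """Return [global] parameters keyed by lowercase, whitespace-normalised name."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            key = re.sub(r"\s*:\s*", " : ", " ".join(key.lower().split()))
            params[key] = value.strip()
    return params

def check_member_conf(text):
    """List problems that commonly break an AD join or winbind ID mapping."""
    p, problems, ranges = parse_global(text), [], {}
    for name, want in (("security", "ads"), ("realm", None), ("workgroup", None)):
        got = p.get(name, "")
        if not got or (want and got.lower() != want):
            problems.append(f"{name} is missing or wrong: {got!r}")
    for key, value in p.items():
        dom = re.fullmatch(r"idmap config (\S+) : range", key)
        rng = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if dom and rng and int(rng.group(1)) < int(rng.group(2)):
            ranges[dom.group(1)] = (int(rng.group(1)), int(rng.group(2)))
        elif dom:
            problems.append(f"bad idmap range for {dom.group(1)}: {value}")
    problems += [f"idmap range for {d} has no backend" for d in ranges
                 if f"idmap config {d} : backend" not in p]
    if "*" not in ranges:
        problems.append("no usable default (*) idmap range")
    ordered = sorted(ranges, key=ranges.get)  # by start of range
    problems += [f"idmap ranges for {a} and {b} overlap"
                 for a, b in zip(ordered, ordered[1:]) if ranges[b][0] <= ranges[a][1]]
    return problems
```

An empty list means none of these checks failed; testparm remains the authoritative syntax check for the file itself.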